cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
799
Views
0
Helpful
2
Replies

Testing IPS modules on ASA 5505

How do you all test the IPS traffic on the AIP-SSC5 in a 5505, since the default signatures are retired and you can't unretire them, one cannot enable the signatures 2000-2012 on the 5505.

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
VIP Mentor

Look at the web-signatures.

Look at the web-signatures. There are a couple of them that shoudn't be retired. For example attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like nessus.

View solution in original post

2 REPLIES 2
Highlighted
Rising star

Differences Between the

Differences Between the Modules

The IPS module for the ASA 5510 and higher supports higher performance requirements, while the IPS module for the ASA 5505 is designed for a small office installation. The following features are supported for the ASA 5510 and higher, and not for the ASA 5505:

Virtual sensors

Anomaly detection

Unretirement of default retired signatures

Highlighted
VIP Mentor

Look at the web-signatures.

Look at the web-signatures. There are a couple of them that shoudn't be retired. For example attacks like directory-traversal or access of cmd.exe. These can be easily tested in a browser or with a vulnerability scanner like nessus.

View solution in original post